From 4c4b0c1f471ea301b054c01e0518843b12e07774 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 28 May 2026 15:48:11 +0000 Subject: [PATCH 1/3] Initial plan From 9698b14e6c83844a7ce0d7b2f35ebc3a1c3be564 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 28 May 2026 16:08:20 +0000 Subject: [PATCH 2/3] Optimize response_items secrecy sharing for PRs and issues --- .../github-guard/rust-guard/src/labels/mod.rs | 10 +++++++++ .../rust-guard/src/labels/response_items.rs | 21 +++++++++++-------- 2 files changed, 22 insertions(+), 9 deletions(-) diff --git a/guards/github-guard/rust-guard/src/labels/mod.rs b/guards/github-guard/rust-guard/src/labels/mod.rs index f2b5866eb..d73d2c9e3 100644 --- a/guards/github-guard/rust-guard/src/labels/mod.rs +++ b/guards/github-guard/rust-guard/src/labels/mod.rs @@ -3478,6 +3478,11 @@ mod tests { // response_items should label the PR from GraphQL format let items = label_response_items("list_pull_requests", &tool_args, &response, &ctx); assert_eq!(items.len(), 1, "Should find 1 PR in GraphQL response"); + assert_eq!( + items[0].labels.description, + "pr:testorg/testrepo#1", + "PR without embedded repo should fall back to tool_args repo scope" + ); assert!( items[0].labels.integrity.iter().any(|t| t == "approved" || t.starts_with("approved:")), "Merged MEMBER PR should get approved integrity, got: {:?}", @@ -3519,6 +3524,11 @@ mod tests { let items = label_response_items("list_issues", &tool_args, &response, &ctx); assert_eq!(items.len(), 1, "Should find 1 issue in GraphQL response"); + assert_eq!( + items[0].labels.description, + "issue:testorg/testrepo#10", + "Issue without embedded repo should fall back to tool_args repo scope" + ); let paths = label_response_paths("list_issues", &tool_args, &response, &ctx); assert!(paths.is_some(), "Should generate path labels for GraphQL issue response"); diff --git a/guards/github-guard/rust-guard/src/labels/response_items.rs b/guards/github-guard/rust-guard/src/labels/response_items.rs index 9e55f73d9..9634bc515 100644 --- a/guards/github-guard/rust-guard/src/labels/response_items.rs +++ b/guards/github-guard/rust-guard/src/labels/response_items.rs @@ -15,6 +15,7 @@ use super::extract_mcp_response; use super::helpers::*; use crate::{LabeledItem, ResourceLabels, SharedLabels}; use serde_json::Value; +use std::borrow::Cow; /// Label individual items in a response (fine-grained labeling) /// This returns labeled items using the legacy format that works with MCP wrappers @@ -147,6 +148,7 @@ pub fn label_response_items( } else { vec![] }; + let secrecy_shared: SharedLabels = secrecy.into(); for item in items_to_process.iter() { let number = extract_resource_number(item, "pr", &arg_repo_full); @@ -201,11 +203,11 @@ pub fn label_response_items( labels: ResourceLabels { description: format!("pr:{}#{}", repo_full_name, number), secrecy: if tool_name == "search_pull_requests" { - repo_visibility_secrecy_for_repo_id(repo_full_name, ctx) + repo_visibility_secrecy_for_repo_id(repo_full_name, ctx).into() } else { - secrecy.clone() + secrecy_shared.clone() } - .into(), + , integrity: integrity.into(), }, }); @@ -261,13 +263,14 @@ pub fn label_response_items( } else { vec![] }; + let secrecy_shared: SharedLabels = secrecy.into(); for item in items_limited.iter().copied() { let item_repo = extract_repo_from_item(item); - let repo_full_name = if item_repo.is_empty() { - default_repo_full_name.clone() + let repo_full_name: Cow<'_, str> = if item_repo.is_empty() { + Cow::Borrowed(default_repo_full_name.as_str()) } else { - item_repo + Cow::Owned(item_repo) }; let repo_private = repo_visibility_private_for_repo_id(&repo_full_name) @@ -285,11 +288,11 @@ pub fn label_response_items( labels: ResourceLabels { description: format!("issue:{}#{}", repo_full_name, number), secrecy: if tool_name == "search_issues" { - repo_visibility_secrecy_for_repo_id(&repo_full_name, ctx) + repo_visibility_secrecy_for_repo_id(&repo_full_name, ctx).into() } else { - secrecy.clone() + secrecy_shared.clone() } - .into(), + , integrity: integrity.into(), }, }); From 5dd4a93db1fa67be030c9607e09d226a8db8ca2b Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 28 May 2026 16:12:24 +0000 Subject: [PATCH 3/3] Fix response_items label field formatting in Rust guard --- guards/github-guard/rust-guard/src/labels/response_items.rs | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/guards/github-guard/rust-guard/src/labels/response_items.rs b/guards/github-guard/rust-guard/src/labels/response_items.rs index 9634bc515..91c7284f6 100644 --- a/guards/github-guard/rust-guard/src/labels/response_items.rs +++ b/guards/github-guard/rust-guard/src/labels/response_items.rs @@ -206,8 +206,7 @@ pub fn label_response_items( repo_visibility_secrecy_for_repo_id(repo_full_name, ctx).into() } else { secrecy_shared.clone() - } - , + }, integrity: integrity.into(), }, }); @@ -291,8 +290,7 @@ pub fn label_response_items( repo_visibility_secrecy_for_repo_id(&repo_full_name, ctx).into() } else { secrecy_shared.clone() - } - , + }, integrity: integrity.into(), }, });